Slashdot videos: Now with more Slashdot!

View

Discuss

Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

MojoKid writes "News of a proven security vulnerability involving Apple iOS 7 has started making the rounds. The exploit specifically involves the lockscreen, the most common piece of security that stops an unauthorized individual from gaining access to anything important on your phone. The 'hack,' if you want to call it that, is simple: Swipe up on the lock screen to enter the control center, and then open the alarm clock. From there, hold the phone's sleep button to bring up a prompt that will ask you if you wish to shut down, but instead of doing that, hit the cancel option, and then tap the home button to access the phone's multi-tasking screen. With access to this multi-tasking screen, anyone could try opening up what you've already had open on your phone. If you had Twitter open, for example, this person might be able to pick up where you left off and post on your behalf. Or, they could access the camera — and of course, every single photo stored on the phone."
The new iPhone models were released today; iFixit has a teardown of the iPhone 5s, giving it a repairability score of 6/10.

If you want to go full on paranoid, that everything you are told might be a lie, they might be. But why ask the question here. We might be lying.

If however you're interested in the technology, an image of the fingerprint isn't stored anywhere. The fingerprint scanner creates a hash, and that is stored in a dedicated secure area in the CPU, salted with a UID from the phone. It's not possible to recreate an actual print from the hash, even if the hash were accessible from software, which it's not.

Thanks for the link, it's rather informative.I wonder if this reader will be susceptible to dry-finger issues common to touchscreens? Generally an uncovered screen is better, but with a protective film (likely not needed on the fingerprinter reader) dry fingers tend to work poorly. On really dry days, even the straight screen can be a little dicey.

I remember this hole on one major UNIX in the '90s (company is now gone), if you had access to its xdm login via local access or XDMCP. The username window will pop up a help box, with an option to redirect the output of a lpr command.

So, a simple, "| xterm" typed in got you a root shell immediately.

This was patched in the next minor rev, but it was a fairly gaping hole at the time.

Because those of us who value privacy would like our phones to remain locked until we unlock it ourselves. I'd hate to have my email accounts and photos read or copied simply because I misplaced my phone and someone else found it.

I tried a good 10 times on my 4 before I got it to work - it's not mentioned and an easy bit to miss in the video: as soon as you tap close you have to do the double-tap on the home button and hold the second tap a little longer than a second maybe. The key though is to do this AS SOON as you hit "Cancel." How this person ever came across the flaw is beyond me, but good poking. Someone should hire her for a QA team.

Works for me on a regular 4. You cannot launch new apps but previoulsy opened apps that are running are accessible.

When I tried it (on an iPhone 5), it does seem - as in the demo video - the apps have to have been opened very recently.

This seems to be related to how iOS 7 handles multitasking. I wonder if disabling background updating of apps would fix it? Later yesterday (after I played around trying to replicate this bug) I disabled background updating, mainly to try to address the poor battery life suckage iOS 7 seems to have introduced on my phone...

I was able to replicate it on the iPhone 4s.
On my first try the programs showed up for half a second then it went back to the lock screen. The second try it worked just fine but when I tried to open the "desktop" (I'm new to the phone so I don't know the right word) it locked again.

Swipe up, clock app, sleep button, cancel out of the power off dialog, hit the home button twice. Yes, one can swipe and see what apps were once run, but it will ignore any taps on other apps, and if one taps on the Springboard icon, it will drop back to the lock screen.

Yes, this is a bug, and hopefully 7.0.1 will fix it, but it doesn't allow anyone off the street to get to your contacts and such.

There is a bug, but it is not what most would consider a lock screen bypass. iOS7 has a new task switcher and you can access this, but it has reduced privileges meaning you can't access any app that you couldn't from the lock screen. And even then it isn't reliable (very likely due to it being the result of a bug).

What it *does* do is leak information about what is installed on the phone, and badges for installed apps (e.g., number of unread emails). But only if those applications are running. Doing a fresh

Exploring this further, it appears that someone doing this casually may think they have a lock screen bypass because they go through the steps and get full access to any application. The key here is the behavior of locking the phone: is the passcode immediately required or not? If testing this you have to either set that to immediately or wait long enough to ensure it isn't still just "swipe to unlock".

On another note, some combination of factors resulted in no access to the quick swipe apps. Could still sw

Ten seconds is the time limit given for an app to finish its business if it ceases to be in the foreground or the phone screen is locked. I don't think background services or the brief window in which a compatible app is restarted for Background App Refresh really count.

I can't replicate it either. The YouTube video claims I double-tap the home button but the second tap is slightly longer? By the end of the first tap it's already bringing me back to the lock screen, i.e. by the time I'm pressing down for the second tap, I'm already being taken back to the lock screen. iPhone 5, updated last night to 7.0 (11A465).

but on my iphone 5 I can do nothing with it. I can see what apps are open. I cannot see their content and I cannot open any of them, and if if I play around in there too long it goes back to the lock screen.

I was able to access contacts indirectly. Go into the gallery and share a picture and use messaging. At this point hit the + sign in the upper right. You are then in Contacts. You can view names and phone numbers. I wasn't able to figure out a way to edit contacts or get more details.

I was able to replicate this WITHOUT having the 'Passcode Lock' enabled.

I was UNABLE to replicate this WITH 'Passcode Lock' enabled.

I've now restarted an iPad Mini and am STILL UNABLE to replicate with the 'Passcode Lock' enabled.

I'm not sure what the problem with this feature is. Sure, they've 'bypassed' the swipe to unlock screen; but, the user has specifically poked and prodded this iPad Mini in what, I assume, is an extremely unlikely situation. By itself I'm

My (admittedly fairly unscientific) testing seems to indicate that if you have your passcode lock set to lock immediately, you can see what apps are running, but you cannot open any of them. If you set your passcode lock to lock after 5 minutes, you can access the applications... but you could just swipe from the "lock" screen to do the same thing.

As far as I can tell, this "bug" is bullshit. The worst that happens is that someone sees what apps you were running, the screens are greyed out if you "exploit

We are currently involved in heavy lobbying to our product designers to create 14k gold replacement screws. They'll be $50 each and strip the first time you try to unscrew them, so they will be perfect for the iPhone. Stay posted.

As soon as I did the iOS7 update, I noticed that you could access the camera from the lock screen, and I didn't want someone taking inappropriate pictures on my iPad if they stole it. There is an option in the settings which controls what features are available from the lock screen. If you turn off the Control Panel access from the lock screen, and everything else, this goes away.

So, it's annoying but not fatal as a security issue. I can't imagine anyone wanting to have the device open for the camera whe

You could access the camera from the lock screen on the iPhones for a while, is this new to the iPad?

Yes, it is new to the iPad.

The iPhones (and the forgotten stepchild of the line, the iTouch) had a camera button on the lock screen, but - on IOS6 and below - you did not have this feature on the Ipad.

On the other hand, you did get the stunningly useless "picture frame" button on the iPad lock screen. You know, for those times the battery wasn't draining fast enough on its own. That's disappeared with iOS7

As soon as I did the iOS7 update, I noticed that you could access the camera from the lock screen

That feature has been included even before iOS7. I could already access the camera in my phone (4S) with only iOS5.x by turning the lock screen on and then swipe the camera icon upward to open the camera functionality. I could also access all pictures taken from this session of the camera as well. However, I cannot access any other pictures taken outside of the session. In other words, other pictures that are already in the photo gallery before turning the camera functionality on from the locked screen are

Couple quick things. Firstly, that feature was already there, odds are you had disabled it before and that setting was reset with the update. Also, you can't access any existing photos from there, it'll only let you browse the photos you've taken since opening the camera, and resets each time you lock the screen again. There are similar features on other phones, it's handy and not by itself a security risk. As for not imagining anyone wanting to have the device open for the camera when it's locked, I think you lack imagination, and possibly even basic sense. I take advantage of it most frequently when I'm traveling and wish to quickly snap a photo without having to type in my password, it often makes the difference between a photo of an animal grazing and one of their behind as they run into the woods.

It's worth noting that this feature doesn't seem related in the least to the security flaw discussed here, as the camera is meant to be quickly accessible in this way. This means the suggestion of turning off control panel access won't fix the security flaw, if that's what you had in mind.

I know they are different things, but it was the camera access that got my attention. Disabling Control Panel access, I think, as I mentioned in the original post, avoids the issue. As far as I can tell, there is no way to get to anything on my iPad without unlocking.

The ad hominem about my lacking imagination and/or sense was not needed or polite.

I'm not sure if I misunderstood you then or now, but if you understand the article is about something entirely different than the feature you describe then I'm not sure why you bothered to mention it, as it has nothing to do with the article. I'm not shocked you weren't able to reproduce the issue on your iPad, as it seems to be a problem specifically with the iPhone 5S, as described in the article, and there are reports around the web of being unable to reproduce it on other devices.

I take advantage of it most frequently when I'm traveling and wish to quickly snap a photo without having to type in my password [...]

But imagine if I didn't have to enter a password. Imagine if I had some sort of biometric type of system, like a fingerprint reader or facial recognition or something, that would let me unlock my phone without having to enter a password.

"I can't imagine anyone wanting to have the device open for the camera when it is locked."

Well some people want to take pictures right away, before having to type in a password to get to it. Taking inappropriate pictures on your phone/ipad is easily deleted once the damage is done. This was on iOS 6 too.

While it's elegantly done on iOS (swipe up to activate camera versus right when unlocking), on Android, this one feature (introduced in Jellybean 4.2) is probably implemented in the most asinine fashion.

In 4.2, they turned the lock screen into another home screen with limited privileges, so they added pages to the left and right of the lock (left page(s) - user defined widgets, right page - camera). The problem is if you're using the swipe code

Apple have acknowledged the issue and that they intend to fix it, however 7.0.1 is a bug fix release for the 5C and 5S to make up for the fact that their builds are older. (They had to be finished in time to get the phones into boxes and shipped to stores.) I would be surprised if 7.0.1 did anything but bring those two handsets up to date, this bug included.

I spent most of yesterday evening tinkering with iOS 7 on my iPad. I've got to say, much of it feels like amateur hour, like a bunch of students got together to create a redesign of iOS. I can't tell if they put an inexperienced team on the job, if managers with no proper UX experienced were meddling, or they outsourced the bulk of the work. But as a creative director I would have rejected much of what I was seeing and I can't imagine that Steve Jobs would have approved this release.

There are a number of UX issues with iOS 7 that I'm frankly quite surprised made it through testing or that anyone thought these were good ideas. Ignoring the theme itself (lower definition icons means less context, especially with hi res screens, that context would have been very usable it's the whole reason we do things like image previews for icons in modern OSes rather than generic jpg icons).

1) The "partial shift" no longer has a distinct visible mode on the keyboard. iOS has 4 modes for the shift butt

There is an option to set the font to bold, which does dramatically improve the thin fonts (though some of the larger text, like the lock screen clock looks odd), it's under the accessibility settings. There's also an increase contrast option (which is distinct from the invert colors option) though I haven't found where that takes effect.

This is strange that they couldn't find the M7. Either it is incorporated into the A7 or they missed it somehow. Given the functionality of the M7, it might very small compared to the A7. There appears to be some metal shielding next to the A7. It could be under there. Also the chip next to the Qualcomm WTR1605L isn't identified.

This is strange that they couldn't find the M7. Either it is incorporated into the A7 or they missed it somehow. Given the functionality of the M7, it might very small compared to the A7. There appears to be some metal shielding next to the A7. It could be under there. Also the chip next to the Qualcomm WTR1605L isn't identified.

Not really. It's probably part of the silicon that the A7 uses - modern ARM SoCs are full of processors besides the main ARM core - often many auxiliary processors exist. The M7 is

From what I know about the A7, it is slightly larger than the A6 (die size). I didn't know whether they could fit it in the amount of space if it incorporated a M7 as well as the other changes. Yes, the A7 is on a 28nm instead of 32nm but I didn't think it would be enough.

Success! The timing of holding the home button seems to be very critical. I start double-clicking right as soon as I hit the CANCEL button, and hold the 2nd click for about three seconds before releasing. Even after my successful try, I still have trouble doing it consistently.

On a side note, nearly every app was still locked to me. I was able to get the camera and pics open, but that was it.

Swipe up on the lock screen to enter the control center, and then open the alarm clock

Isn't granting access to unauthorized users to the control centre enough of a security hole? Opening the alarm clock? WTF?This reminds me of OS X, which leaves media keys enabled when the screen is locked - effectively giving access to any audio you may have queued to bystanders.

Yeah I got the same. I can see the apps and can close them but most are just dark blank screens and not the actual app and none can open. The only thing that opens is the alarm app and if you click the home screen one it just goes back to the lock screen.

As far as I can tell as long as your lock screen is password protected it won't show any part of the app other than the initial view (e.g. a blank safari, or a splash screen of the app). So for example if you were viewing an email it doesn't seem the email will be visible in the multitask screen.

Now if you're not password protected (either off or you don't require a passcode immediately) and do the same trick the multitask screen shows everything and you can switch apps but that's fine since you can already unlock without a password.

Actually the only security problem seems to be the Camera app. Since the camera app is allowed from the lock screen if you open it via the multitask screen while using this trick it opens the full camera app.

Normally the camera app when password protected can take new photos and can't access old ones but when you do it this way you have full access to the camera roll. You can delete photos, share them (txt, email, twitter, facebook, etc).

Ideally, any banking app should have the option to set a PIN code or a password, and after 5-10 wrong guesses, either start adding an exponential delay, purge itself (if there is no critical data just stored with the app) or demand the banking username and password. That way, one's data is protected unless the phone gets compromised when the app is inuse.

There is also an API for storing data in a protected subdirectory as well, so when the device is locked, the stored files are inaccessible. That way, if